1 |
commit: 49e769a53303da6d649610b2d4e1c4690776ef65 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Sep 21 15:56:25 2019 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Sep 21 15:56:25 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=49e769a5 |
7 |
|
8 |
Linux patch 4.4.194 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1193_linux-4.4.194.patch | 1406 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 1410 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 7541a4e..ba81005 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -815,6 +815,10 @@ Patch: 1192_linux-4.4.193.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.4.193 |
23 |
|
24 |
+Patch: 1193_linux-4.4.194.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.4.194 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1193_linux-4.4.194.patch b/1193_linux-4.4.194.patch |
33 |
new file mode 100644 |
34 |
index 0000000..e6d98d1 |
35 |
--- /dev/null |
36 |
+++ b/1193_linux-4.4.194.patch |
37 |
@@ -0,0 +1,1406 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index 34d2be9c8459..bea8f3f591c4 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,6 +1,6 @@ |
43 |
+ VERSION = 4 |
44 |
+ PATCHLEVEL = 4 |
45 |
+-SUBLEVEL = 193 |
46 |
++SUBLEVEL = 194 |
47 |
+ EXTRAVERSION = |
48 |
+ NAME = Blurry Fish Butt |
49 |
+ |
50 |
+diff --git a/arch/arc/configs/axs101_defconfig b/arch/arc/configs/axs101_defconfig |
51 |
+index 3023f91c77c2..9843e52bbb13 100644 |
52 |
+--- a/arch/arc/configs/axs101_defconfig |
53 |
++++ b/arch/arc/configs/axs101_defconfig |
54 |
+@@ -11,7 +11,6 @@ CONFIG_NAMESPACES=y |
55 |
+ # CONFIG_UTS_NS is not set |
56 |
+ # CONFIG_PID_NS is not set |
57 |
+ CONFIG_BLK_DEV_INITRD=y |
58 |
+-CONFIG_INITRAMFS_SOURCE="../arc_initramfs/" |
59 |
+ CONFIG_EMBEDDED=y |
60 |
+ CONFIG_PERF_EVENTS=y |
61 |
+ # CONFIG_VM_EVENT_COUNTERS is not set |
62 |
+diff --git a/arch/arc/configs/axs103_defconfig b/arch/arc/configs/axs103_defconfig |
63 |
+index f18107185f53..27c6cb573686 100644 |
64 |
+--- a/arch/arc/configs/axs103_defconfig |
65 |
++++ b/arch/arc/configs/axs103_defconfig |
66 |
+@@ -11,7 +11,6 @@ CONFIG_NAMESPACES=y |
67 |
+ # CONFIG_UTS_NS is not set |
68 |
+ # CONFIG_PID_NS is not set |
69 |
+ CONFIG_BLK_DEV_INITRD=y |
70 |
+-CONFIG_INITRAMFS_SOURCE="../../arc_initramfs_hs/" |
71 |
+ CONFIG_EMBEDDED=y |
72 |
+ CONFIG_PERF_EVENTS=y |
73 |
+ # CONFIG_VM_EVENT_COUNTERS is not set |
74 |
+diff --git a/arch/arc/configs/axs103_smp_defconfig b/arch/arc/configs/axs103_smp_defconfig |
75 |
+index 6e1dd8521d2a..72f34534983f 100644 |
76 |
+--- a/arch/arc/configs/axs103_smp_defconfig |
77 |
++++ b/arch/arc/configs/axs103_smp_defconfig |
78 |
+@@ -11,7 +11,6 @@ CONFIG_NAMESPACES=y |
79 |
+ # CONFIG_UTS_NS is not set |
80 |
+ # CONFIG_PID_NS is not set |
81 |
+ CONFIG_BLK_DEV_INITRD=y |
82 |
+-CONFIG_INITRAMFS_SOURCE="../../arc_initramfs_hs/" |
83 |
+ CONFIG_EMBEDDED=y |
84 |
+ CONFIG_PERF_EVENTS=y |
85 |
+ # CONFIG_VM_EVENT_COUNTERS is not set |
86 |
+diff --git a/arch/arc/configs/nsim_700_defconfig b/arch/arc/configs/nsim_700_defconfig |
87 |
+index 86e5a62556a8..c93370cc840a 100644 |
88 |
+--- a/arch/arc/configs/nsim_700_defconfig |
89 |
++++ b/arch/arc/configs/nsim_700_defconfig |
90 |
+@@ -11,7 +11,6 @@ CONFIG_NAMESPACES=y |
91 |
+ # CONFIG_UTS_NS is not set |
92 |
+ # CONFIG_PID_NS is not set |
93 |
+ CONFIG_BLK_DEV_INITRD=y |
94 |
+-CONFIG_INITRAMFS_SOURCE="../arc_initramfs/" |
95 |
+ CONFIG_KALLSYMS_ALL=y |
96 |
+ CONFIG_EMBEDDED=y |
97 |
+ # CONFIG_SLUB_DEBUG is not set |
98 |
+diff --git a/arch/arc/configs/nsim_hs_defconfig b/arch/arc/configs/nsim_hs_defconfig |
99 |
+index f68838e8068a..27c73028b798 100644 |
100 |
+--- a/arch/arc/configs/nsim_hs_defconfig |
101 |
++++ b/arch/arc/configs/nsim_hs_defconfig |
102 |
+@@ -12,7 +12,6 @@ CONFIG_NAMESPACES=y |
103 |
+ # CONFIG_UTS_NS is not set |
104 |
+ # CONFIG_PID_NS is not set |
105 |
+ CONFIG_BLK_DEV_INITRD=y |
106 |
+-CONFIG_INITRAMFS_SOURCE="../arc_initramfs_hs/" |
107 |
+ CONFIG_KALLSYMS_ALL=y |
108 |
+ CONFIG_EMBEDDED=y |
109 |
+ # CONFIG_SLUB_DEBUG is not set |
110 |
+diff --git a/arch/arc/configs/nsim_hs_smp_defconfig b/arch/arc/configs/nsim_hs_smp_defconfig |
111 |
+index 96bd1c20fb0b..c3605874487b 100644 |
112 |
+--- a/arch/arc/configs/nsim_hs_smp_defconfig |
113 |
++++ b/arch/arc/configs/nsim_hs_smp_defconfig |
114 |
+@@ -9,7 +9,6 @@ CONFIG_NAMESPACES=y |
115 |
+ # CONFIG_UTS_NS is not set |
116 |
+ # CONFIG_PID_NS is not set |
117 |
+ CONFIG_BLK_DEV_INITRD=y |
118 |
+-CONFIG_INITRAMFS_SOURCE="../arc_initramfs_hs/" |
119 |
+ CONFIG_KALLSYMS_ALL=y |
120 |
+ CONFIG_EMBEDDED=y |
121 |
+ # CONFIG_SLUB_DEBUG is not set |
122 |
+diff --git a/arch/arc/configs/nsimosci_defconfig b/arch/arc/configs/nsimosci_defconfig |
123 |
+index a4d7b919224a..b7dbb20cd28b 100644 |
124 |
+--- a/arch/arc/configs/nsimosci_defconfig |
125 |
++++ b/arch/arc/configs/nsimosci_defconfig |
126 |
+@@ -12,7 +12,6 @@ CONFIG_NAMESPACES=y |
127 |
+ # CONFIG_UTS_NS is not set |
128 |
+ # CONFIG_PID_NS is not set |
129 |
+ CONFIG_BLK_DEV_INITRD=y |
130 |
+-CONFIG_INITRAMFS_SOURCE="../arc_initramfs/" |
131 |
+ CONFIG_KALLSYMS_ALL=y |
132 |
+ CONFIG_EMBEDDED=y |
133 |
+ # CONFIG_SLUB_DEBUG is not set |
134 |
+diff --git a/arch/arc/configs/nsimosci_hs_defconfig b/arch/arc/configs/nsimosci_hs_defconfig |
135 |
+index b3fb49c8bd14..ce22594bb0c7 100644 |
136 |
+--- a/arch/arc/configs/nsimosci_hs_defconfig |
137 |
++++ b/arch/arc/configs/nsimosci_hs_defconfig |
138 |
+@@ -12,7 +12,6 @@ CONFIG_NAMESPACES=y |
139 |
+ # CONFIG_UTS_NS is not set |
140 |
+ # CONFIG_PID_NS is not set |
141 |
+ CONFIG_BLK_DEV_INITRD=y |
142 |
+-CONFIG_INITRAMFS_SOURCE="../arc_initramfs_hs/" |
143 |
+ CONFIG_KALLSYMS_ALL=y |
144 |
+ CONFIG_EMBEDDED=y |
145 |
+ # CONFIG_SLUB_DEBUG is not set |
146 |
+diff --git a/arch/arc/configs/nsimosci_hs_smp_defconfig b/arch/arc/configs/nsimosci_hs_smp_defconfig |
147 |
+index 710c167bbdd8..f9e5aef7e04e 100644 |
148 |
+--- a/arch/arc/configs/nsimosci_hs_smp_defconfig |
149 |
++++ b/arch/arc/configs/nsimosci_hs_smp_defconfig |
150 |
+@@ -9,7 +9,6 @@ CONFIG_IKCONFIG_PROC=y |
151 |
+ # CONFIG_UTS_NS is not set |
152 |
+ # CONFIG_PID_NS is not set |
153 |
+ CONFIG_BLK_DEV_INITRD=y |
154 |
+-CONFIG_INITRAMFS_SOURCE="../arc_initramfs_hs/" |
155 |
+ # CONFIG_COMPAT_BRK is not set |
156 |
+ CONFIG_KPROBES=y |
157 |
+ CONFIG_MODULES=y |
158 |
+diff --git a/arch/arc/kernel/traps.c b/arch/arc/kernel/traps.c |
159 |
+index 2fb0cd39a31c..cd6e3615e3d1 100644 |
160 |
+--- a/arch/arc/kernel/traps.c |
161 |
++++ b/arch/arc/kernel/traps.c |
162 |
+@@ -163,3 +163,4 @@ void abort(void) |
163 |
+ { |
164 |
+ __asm__ __volatile__("trap_s 5\n"); |
165 |
+ } |
166 |
++EXPORT_SYMBOL(abort); |
167 |
+diff --git a/arch/arm/mach-omap2/omap4-common.c b/arch/arm/mach-omap2/omap4-common.c |
168 |
+index 949696b6f17b..511fd08c784b 100644 |
169 |
+--- a/arch/arm/mach-omap2/omap4-common.c |
170 |
++++ b/arch/arm/mach-omap2/omap4-common.c |
171 |
+@@ -131,6 +131,9 @@ static int __init omap4_sram_init(void) |
172 |
+ struct device_node *np; |
173 |
+ struct gen_pool *sram_pool; |
174 |
+ |
175 |
++ if (!soc_is_omap44xx() && !soc_is_omap54xx()) |
176 |
++ return 0; |
177 |
++ |
178 |
+ np = of_find_compatible_node(NULL, NULL, "ti,omap4-mpu"); |
179 |
+ if (!np) |
180 |
+ pr_warn("%s:Unable to allocate sram needed to handle errata I688\n", |
181 |
+diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c |
182 |
+index a9f6705aea23..731b7e64715b 100644 |
183 |
+--- a/arch/arm/mm/init.c |
184 |
++++ b/arch/arm/mm/init.c |
185 |
+@@ -691,7 +691,8 @@ static void update_sections_early(struct section_perm perms[], int n) |
186 |
+ if (t->flags & PF_KTHREAD) |
187 |
+ continue; |
188 |
+ for_each_thread(t, s) |
189 |
+- set_section_perms(perms, n, true, s->mm); |
190 |
++ if (s->mm) |
191 |
++ set_section_perms(perms, n, true, s->mm); |
192 |
+ } |
193 |
+ read_unlock(&tasklist_lock); |
194 |
+ set_section_perms(perms, n, true, current->active_mm); |
195 |
+diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig |
196 |
+index 687a3eb8d4d9..422624ca0132 100644 |
197 |
+--- a/arch/mips/Kconfig |
198 |
++++ b/arch/mips/Kconfig |
199 |
+@@ -761,7 +761,6 @@ config SIBYTE_SWARM |
200 |
+ select SYS_SUPPORTS_HIGHMEM |
201 |
+ select SYS_SUPPORTS_LITTLE_ENDIAN |
202 |
+ select ZONE_DMA32 if 64BIT |
203 |
+- select SWIOTLB if ARCH_DMA_ADDR_T_64BIT && PCI |
204 |
+ |
205 |
+ config SIBYTE_LITTLESUR |
206 |
+ bool "Sibyte BCM91250C2-LittleSur" |
207 |
+@@ -784,7 +783,6 @@ config SIBYTE_SENTOSA |
208 |
+ select SYS_HAS_CPU_SB1 |
209 |
+ select SYS_SUPPORTS_BIG_ENDIAN |
210 |
+ select SYS_SUPPORTS_LITTLE_ENDIAN |
211 |
+- select SWIOTLB if ARCH_DMA_ADDR_T_64BIT && PCI |
212 |
+ |
213 |
+ config SIBYTE_BIGSUR |
214 |
+ bool "Sibyte BCM91480B-BigSur" |
215 |
+@@ -798,7 +796,6 @@ config SIBYTE_BIGSUR |
216 |
+ select SYS_SUPPORTS_HIGHMEM |
217 |
+ select SYS_SUPPORTS_LITTLE_ENDIAN |
218 |
+ select ZONE_DMA32 if 64BIT |
219 |
+- select SWIOTLB if ARCH_DMA_ADDR_T_64BIT && PCI |
220 |
+ |
221 |
+ config SNI_RM |
222 |
+ bool "SNI RM200/300/400" |
223 |
+diff --git a/arch/mips/include/asm/netlogic/xlr/fmn.h b/arch/mips/include/asm/netlogic/xlr/fmn.h |
224 |
+index 5604db3d1836..d79c68fa78d9 100644 |
225 |
+--- a/arch/mips/include/asm/netlogic/xlr/fmn.h |
226 |
++++ b/arch/mips/include/asm/netlogic/xlr/fmn.h |
227 |
+@@ -301,8 +301,6 @@ static inline int nlm_fmn_send(unsigned int size, unsigned int code, |
228 |
+ for (i = 0; i < 8; i++) { |
229 |
+ nlm_msgsnd(dest); |
230 |
+ status = nlm_read_c2_status0(); |
231 |
+- if ((status & 0x2) == 1) |
232 |
+- pr_info("Send pending fail!\n"); |
233 |
+ if ((status & 0x4) == 0) |
234 |
+ return 0; |
235 |
+ } |
236 |
+diff --git a/arch/mips/include/asm/smp.h b/arch/mips/include/asm/smp.h |
237 |
+index 03722d4326a1..82852dfd8dab 100644 |
238 |
+--- a/arch/mips/include/asm/smp.h |
239 |
++++ b/arch/mips/include/asm/smp.h |
240 |
+@@ -25,7 +25,17 @@ extern cpumask_t cpu_sibling_map[]; |
241 |
+ extern cpumask_t cpu_core_map[]; |
242 |
+ extern cpumask_t cpu_foreign_map; |
243 |
+ |
244 |
+-#define raw_smp_processor_id() (current_thread_info()->cpu) |
245 |
++static inline int raw_smp_processor_id(void) |
246 |
++{ |
247 |
++#if defined(__VDSO__) |
248 |
++ extern int vdso_smp_processor_id(void) |
249 |
++ __compiletime_error("VDSO should not call smp_processor_id()"); |
250 |
++ return vdso_smp_processor_id(); |
251 |
++#else |
252 |
++ return current_thread_info()->cpu; |
253 |
++#endif |
254 |
++} |
255 |
++#define raw_smp_processor_id raw_smp_processor_id |
256 |
+ |
257 |
+ /* Map from cpu id to sequential logical cpu number. This will only |
258 |
+ not be idempotent when cpus failed to come on-line. */ |
259 |
+diff --git a/arch/mips/sibyte/common/Makefile b/arch/mips/sibyte/common/Makefile |
260 |
+index 3ef3fb658136..b3d6bf23a662 100644 |
261 |
+--- a/arch/mips/sibyte/common/Makefile |
262 |
++++ b/arch/mips/sibyte/common/Makefile |
263 |
+@@ -1,5 +1,4 @@ |
264 |
+ obj-y := cfe.o |
265 |
+-obj-$(CONFIG_SWIOTLB) += dma.o |
266 |
+ obj-$(CONFIG_SIBYTE_BUS_WATCHER) += bus_watcher.o |
267 |
+ obj-$(CONFIG_SIBYTE_CFE_CONSOLE) += cfe_console.o |
268 |
+ obj-$(CONFIG_SIBYTE_TBPROF) += sb_tbprof.o |
269 |
+diff --git a/arch/mips/sibyte/common/dma.c b/arch/mips/sibyte/common/dma.c |
270 |
+deleted file mode 100644 |
271 |
+index eb47a94f3583..000000000000 |
272 |
+--- a/arch/mips/sibyte/common/dma.c |
273 |
++++ /dev/null |
274 |
+@@ -1,14 +0,0 @@ |
275 |
+-// SPDX-License-Identifier: GPL-2.0+ |
276 |
+-/* |
277 |
+- * DMA support for Broadcom SiByte platforms. |
278 |
+- * |
279 |
+- * Copyright (c) 2018 Maciej W. Rozycki |
280 |
+- */ |
281 |
+- |
282 |
+-#include <linux/swiotlb.h> |
283 |
+-#include <asm/bootinfo.h> |
284 |
+- |
285 |
+-void __init plat_swiotlb_setup(void) |
286 |
+-{ |
287 |
+- swiotlb_init(1); |
288 |
+-} |
289 |
+diff --git a/arch/mips/vdso/Makefile b/arch/mips/vdso/Makefile |
290 |
+index 886005b1e87d..dfd082eb86f8 100644 |
291 |
+--- a/arch/mips/vdso/Makefile |
292 |
++++ b/arch/mips/vdso/Makefile |
293 |
+@@ -6,7 +6,9 @@ ccflags-vdso := \ |
294 |
+ $(filter -I%,$(KBUILD_CFLAGS)) \ |
295 |
+ $(filter -E%,$(KBUILD_CFLAGS)) \ |
296 |
+ $(filter -mmicromips,$(KBUILD_CFLAGS)) \ |
297 |
+- $(filter -march=%,$(KBUILD_CFLAGS)) |
298 |
++ $(filter -march=%,$(KBUILD_CFLAGS)) \ |
299 |
++ $(filter -m%-float,$(KBUILD_CFLAGS)) \ |
300 |
++ -D__VDSO__ |
301 |
+ cflags-vdso := $(ccflags-vdso) \ |
302 |
+ $(filter -W%,$(filter-out -Wa$(comma)%,$(KBUILD_CFLAGS))) \ |
303 |
+ -O2 -g -fPIC -fno-strict-aliasing -fno-common -fno-builtin -G 0 \ |
304 |
+diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c |
305 |
+index 6a75352f453c..950b0c00a092 100644 |
306 |
+--- a/arch/s390/kvm/interrupt.c |
307 |
++++ b/arch/s390/kvm/interrupt.c |
308 |
+@@ -1487,6 +1487,16 @@ int s390int_to_s390irq(struct kvm_s390_interrupt *s390int, |
309 |
+ case KVM_S390_MCHK: |
310 |
+ irq->u.mchk.mcic = s390int->parm64; |
311 |
+ break; |
312 |
++ case KVM_S390_INT_PFAULT_INIT: |
313 |
++ irq->u.ext.ext_params = s390int->parm; |
314 |
++ irq->u.ext.ext_params2 = s390int->parm64; |
315 |
++ break; |
316 |
++ case KVM_S390_RESTART: |
317 |
++ case KVM_S390_INT_CLOCK_COMP: |
318 |
++ case KVM_S390_INT_CPU_TIMER: |
319 |
++ break; |
320 |
++ default: |
321 |
++ return -EINVAL; |
322 |
+ } |
323 |
+ return 0; |
324 |
+ } |
325 |
+diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c |
326 |
+index 23911ecfbad6..14d2ca9c779e 100644 |
327 |
+--- a/arch/s390/kvm/kvm-s390.c |
328 |
++++ b/arch/s390/kvm/kvm-s390.c |
329 |
+@@ -2541,7 +2541,7 @@ long kvm_arch_vcpu_ioctl(struct file *filp, |
330 |
+ } |
331 |
+ case KVM_S390_INTERRUPT: { |
332 |
+ struct kvm_s390_interrupt s390int; |
333 |
+- struct kvm_s390_irq s390irq; |
334 |
++ struct kvm_s390_irq s390irq = {}; |
335 |
+ |
336 |
+ r = -EFAULT; |
337 |
+ if (copy_from_user(&s390int, argp, sizeof(s390int))) |
338 |
+diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c |
339 |
+index 727693e283da..bcf409997d6d 100644 |
340 |
+--- a/arch/s390/net/bpf_jit_comp.c |
341 |
++++ b/arch/s390/net/bpf_jit_comp.c |
342 |
+@@ -886,7 +886,7 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i |
343 |
+ break; |
344 |
+ case BPF_ALU64 | BPF_NEG: /* dst = -dst */ |
345 |
+ /* lcgr %dst,%dst */ |
346 |
+- EMIT4(0xb9130000, dst_reg, dst_reg); |
347 |
++ EMIT4(0xb9030000, dst_reg, dst_reg); |
348 |
+ break; |
349 |
+ /* |
350 |
+ * BPF_FROM_BE/LE |
351 |
+@@ -1067,8 +1067,8 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i |
352 |
+ /* llgf %w1,map.max_entries(%b2) */ |
353 |
+ EMIT6_DISP_LH(0xe3000000, 0x0016, REG_W1, REG_0, BPF_REG_2, |
354 |
+ offsetof(struct bpf_array, map.max_entries)); |
355 |
+- /* clgrj %b3,%w1,0xa,label0: if %b3 >= %w1 goto out */ |
356 |
+- EMIT6_PCREL_LABEL(0xec000000, 0x0065, BPF_REG_3, |
357 |
++ /* clrj %b3,%w1,0xa,label0: if (u32)%b3 >= (u32)%w1 goto out */ |
358 |
++ EMIT6_PCREL_LABEL(0xec000000, 0x0077, BPF_REG_3, |
359 |
+ REG_W1, 0, 0xa); |
360 |
+ |
361 |
+ /* |
362 |
+@@ -1094,8 +1094,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i |
363 |
+ * goto out; |
364 |
+ */ |
365 |
+ |
366 |
+- /* sllg %r1,%b3,3: %r1 = index * 8 */ |
367 |
+- EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, BPF_REG_3, REG_0, 3); |
368 |
++ /* llgfr %r1,%b3: %r1 = (u32) index */ |
369 |
++ EMIT4(0xb9160000, REG_1, BPF_REG_3); |
370 |
++ /* sllg %r1,%r1,3: %r1 *= 8 */ |
371 |
++ EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, REG_1, REG_0, 3); |
372 |
+ /* lg %r1,prog(%b2,%r1) */ |
373 |
+ EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, BPF_REG_2, |
374 |
+ REG_1, offsetof(struct bpf_array, ptrs)); |
375 |
+diff --git a/arch/x86/Makefile b/arch/x86/Makefile |
376 |
+index 00e0226634fa..8b4d022ce0cb 100644 |
377 |
+--- a/arch/x86/Makefile |
378 |
++++ b/arch/x86/Makefile |
379 |
+@@ -38,6 +38,7 @@ REALMODE_CFLAGS := $(M16_CFLAGS) -g -Os -D__KERNEL__ \ |
380 |
+ |
381 |
+ REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -ffreestanding) |
382 |
+ REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -fno-stack-protector) |
383 |
++REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -Wno-address-of-packed-member) |
384 |
+ REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), $(cc_stack_align4)) |
385 |
+ export REALMODE_CFLAGS |
386 |
+ |
387 |
+diff --git a/arch/x86/include/asm/bootparam_utils.h b/arch/x86/include/asm/bootparam_utils.h |
388 |
+index 0232b5a2a2d9..588d8fbd1e6d 100644 |
389 |
+--- a/arch/x86/include/asm/bootparam_utils.h |
390 |
++++ b/arch/x86/include/asm/bootparam_utils.h |
391 |
+@@ -71,6 +71,7 @@ static void sanitize_boot_params(struct boot_params *boot_params) |
392 |
+ BOOT_PARAM_PRESERVE(edd_mbr_sig_buf_entries), |
393 |
+ BOOT_PARAM_PRESERVE(edd_mbr_sig_buffer), |
394 |
+ BOOT_PARAM_PRESERVE(hdr), |
395 |
++ BOOT_PARAM_PRESERVE(e820_map), |
396 |
+ BOOT_PARAM_PRESERVE(eddbuf), |
397 |
+ }; |
398 |
+ |
399 |
+diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c |
400 |
+index fd945099fc95..4d5e8ff3b5e5 100644 |
401 |
+--- a/arch/x86/kernel/apic/io_apic.c |
402 |
++++ b/arch/x86/kernel/apic/io_apic.c |
403 |
+@@ -2344,7 +2344,13 @@ unsigned int arch_dynirq_lower_bound(unsigned int from) |
404 |
+ * dmar_alloc_hwirq() may be called before setup_IO_APIC(), so use |
405 |
+ * gsi_top if ioapic_dynirq_base hasn't been initialized yet. |
406 |
+ */ |
407 |
+- return ioapic_initialized ? ioapic_dynirq_base : gsi_top; |
408 |
++ if (!ioapic_initialized) |
409 |
++ return gsi_top; |
410 |
++ /* |
411 |
++ * For DT enabled machines ioapic_dynirq_base is irrelevant and not |
412 |
++ * updated. So simply return @from if ioapic_dynirq_base == 0. |
413 |
++ */ |
414 |
++ return ioapic_dynirq_base ? : from; |
415 |
+ } |
416 |
+ |
417 |
+ #ifdef CONFIG_X86_32 |
418 |
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
419 |
+index 098be61a6b4c..343c8ddad86a 100644 |
420 |
+--- a/arch/x86/kvm/vmx.c |
421 |
++++ b/arch/x86/kvm/vmx.c |
422 |
+@@ -7247,6 +7247,7 @@ static int handle_vmread(struct kvm_vcpu *vcpu) |
423 |
+ unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION); |
424 |
+ u32 vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO); |
425 |
+ gva_t gva = 0; |
426 |
++ struct x86_exception e; |
427 |
+ |
428 |
+ if (!nested_vmx_check_permission(vcpu) || |
429 |
+ !nested_vmx_check_vmcs12(vcpu)) |
430 |
+@@ -7273,8 +7274,10 @@ static int handle_vmread(struct kvm_vcpu *vcpu) |
431 |
+ vmx_instruction_info, true, &gva)) |
432 |
+ return 1; |
433 |
+ /* _system ok, as nested_vmx_check_permission verified cpl=0 */ |
434 |
+- kvm_write_guest_virt_system(vcpu, gva, &field_value, |
435 |
+- (is_long_mode(vcpu) ? 8 : 4), NULL); |
436 |
++ if (kvm_write_guest_virt_system(vcpu, gva, &field_value, |
437 |
++ (is_long_mode(vcpu) ? 8 : 4), |
438 |
++ NULL)) |
439 |
++ kvm_inject_page_fault(vcpu, &e); |
440 |
+ } |
441 |
+ |
442 |
+ nested_vmx_succeed(vcpu); |
443 |
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
444 |
+index 9f70de2ca0e2..74674a6e4827 100644 |
445 |
+--- a/arch/x86/kvm/x86.c |
446 |
++++ b/arch/x86/kvm/x86.c |
447 |
+@@ -4337,6 +4337,13 @@ static int emulator_write_std(struct x86_emulate_ctxt *ctxt, gva_t addr, void *v |
448 |
+ if (!system && kvm_x86_ops->get_cpl(vcpu) == 3) |
449 |
+ access |= PFERR_USER_MASK; |
450 |
+ |
451 |
++ /* |
452 |
++ * FIXME: this should call handle_emulation_failure if X86EMUL_IO_NEEDED |
453 |
++ * is returned, but our callers are not ready for that and they blindly |
454 |
++ * call kvm_inject_page_fault. Ensure that they at least do not leak |
455 |
++ * uninitialized kernel stack memory into cr2 and error code. |
456 |
++ */ |
457 |
++ memset(exception, 0, sizeof(*exception)); |
458 |
+ return kvm_write_guest_virt_helper(addr, val, bytes, vcpu, |
459 |
+ access, exception); |
460 |
+ } |
461 |
+diff --git a/drivers/atm/Kconfig b/drivers/atm/Kconfig |
462 |
+index 31c60101a69a..7fa840170151 100644 |
463 |
+--- a/drivers/atm/Kconfig |
464 |
++++ b/drivers/atm/Kconfig |
465 |
+@@ -199,7 +199,7 @@ config ATM_NICSTAR_USE_SUNI |
466 |
+ make the card work). |
467 |
+ |
468 |
+ config ATM_NICSTAR_USE_IDT77105 |
469 |
+- bool "Use IDT77015 PHY driver (25Mbps)" |
470 |
++ bool "Use IDT77105 PHY driver (25Mbps)" |
471 |
+ depends on ATM_NICSTAR |
472 |
+ help |
473 |
+ Support for the PHYsical layer chip in ForeRunner LE25 cards. In |
474 |
+diff --git a/drivers/base/core.c b/drivers/base/core.c |
475 |
+index cb5718d2669e..af948fedd232 100644 |
476 |
+--- a/drivers/base/core.c |
477 |
++++ b/drivers/base/core.c |
478 |
+@@ -857,12 +857,63 @@ static inline struct kobject *get_glue_dir(struct device *dev) |
479 |
+ */ |
480 |
+ static void cleanup_glue_dir(struct device *dev, struct kobject *glue_dir) |
481 |
+ { |
482 |
++ unsigned int ref; |
483 |
++ |
484 |
+ /* see if we live in a "glue" directory */ |
485 |
+ if (!live_in_glue_dir(glue_dir, dev)) |
486 |
+ return; |
487 |
+ |
488 |
+ mutex_lock(&gdp_mutex); |
489 |
+- if (!kobject_has_children(glue_dir)) |
490 |
++ /** |
491 |
++ * There is a race condition between removing glue directory |
492 |
++ * and adding a new device under the glue directory. |
493 |
++ * |
494 |
++ * CPU1: CPU2: |
495 |
++ * |
496 |
++ * device_add() |
497 |
++ * get_device_parent() |
498 |
++ * class_dir_create_and_add() |
499 |
++ * kobject_add_internal() |
500 |
++ * create_dir() // create glue_dir |
501 |
++ * |
502 |
++ * device_add() |
503 |
++ * get_device_parent() |
504 |
++ * kobject_get() // get glue_dir |
505 |
++ * |
506 |
++ * device_del() |
507 |
++ * cleanup_glue_dir() |
508 |
++ * kobject_del(glue_dir) |
509 |
++ * |
510 |
++ * kobject_add() |
511 |
++ * kobject_add_internal() |
512 |
++ * create_dir() // in glue_dir |
513 |
++ * sysfs_create_dir_ns() |
514 |
++ * kernfs_create_dir_ns(sd) |
515 |
++ * |
516 |
++ * sysfs_remove_dir() // glue_dir->sd=NULL |
517 |
++ * sysfs_put() // free glue_dir->sd |
518 |
++ * |
519 |
++ * // sd is freed |
520 |
++ * kernfs_new_node(sd) |
521 |
++ * kernfs_get(glue_dir) |
522 |
++ * kernfs_add_one() |
523 |
++ * kernfs_put() |
524 |
++ * |
525 |
++ * Before CPU1 remove last child device under glue dir, if CPU2 add |
526 |
++ * a new device under glue dir, the glue_dir kobject reference count |
527 |
++ * will be increase to 2 in kobject_get(k). And CPU2 has been called |
528 |
++ * kernfs_create_dir_ns(). Meanwhile, CPU1 call sysfs_remove_dir() |
529 |
++ * and sysfs_put(). This result in glue_dir->sd is freed. |
530 |
++ * |
531 |
++ * Then the CPU2 will see a stale "empty" but still potentially used |
532 |
++ * glue dir around in kernfs_new_node(). |
533 |
++ * |
534 |
++ * In order to avoid this happening, we also should make sure that |
535 |
++ * kernfs_node for glue_dir is released in CPU1 only when refcount |
536 |
++ * for glue_dir kobj is 1. |
537 |
++ */ |
538 |
++ ref = atomic_read(&glue_dir->kref.refcount); |
539 |
++ if (!kobject_has_children(glue_dir) && !--ref) |
540 |
+ kobject_del(glue_dir); |
541 |
+ kobject_put(glue_dir); |
542 |
+ mutex_unlock(&gdp_mutex); |
543 |
+diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c |
544 |
+index a04810837234..a12a163c6e6d 100644 |
545 |
+--- a/drivers/block/floppy.c |
546 |
++++ b/drivers/block/floppy.c |
547 |
+@@ -3784,7 +3784,7 @@ static int compat_getdrvprm(int drive, |
548 |
+ v.native_format = UDP->native_format; |
549 |
+ mutex_unlock(&floppy_mutex); |
550 |
+ |
551 |
+- if (copy_from_user(arg, &v, sizeof(struct compat_floppy_drive_params))) |
552 |
++ if (copy_to_user(arg, &v, sizeof(struct compat_floppy_drive_params))) |
553 |
+ return -EFAULT; |
554 |
+ return 0; |
555 |
+ } |
556 |
+@@ -3820,7 +3820,7 @@ static int compat_getdrvstat(int drive, bool poll, |
557 |
+ v.bufblocks = UDRS->bufblocks; |
558 |
+ mutex_unlock(&floppy_mutex); |
559 |
+ |
560 |
+- if (copy_from_user(arg, &v, sizeof(struct compat_floppy_drive_struct))) |
561 |
++ if (copy_to_user(arg, &v, sizeof(struct compat_floppy_drive_struct))) |
562 |
+ return -EFAULT; |
563 |
+ return 0; |
564 |
+ Eintr: |
565 |
+diff --git a/drivers/clk/rockchip/clk-mmc-phase.c b/drivers/clk/rockchip/clk-mmc-phase.c |
566 |
+index b840e4ace623..2b289581d570 100644 |
567 |
+--- a/drivers/clk/rockchip/clk-mmc-phase.c |
568 |
++++ b/drivers/clk/rockchip/clk-mmc-phase.c |
569 |
+@@ -61,10 +61,8 @@ static int rockchip_mmc_get_phase(struct clk_hw *hw) |
570 |
+ u32 delay_num = 0; |
571 |
+ |
572 |
+ /* See the comment for rockchip_mmc_set_phase below */ |
573 |
+- if (!rate) { |
574 |
+- pr_err("%s: invalid clk rate\n", __func__); |
575 |
++ if (!rate) |
576 |
+ return -EINVAL; |
577 |
+- } |
578 |
+ |
579 |
+ raw_value = readl(mmc_clock->reg) >> (mmc_clock->shift); |
580 |
+ |
581 |
+diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c |
582 |
+index a000c2667392..014745271bb4 100644 |
583 |
+--- a/drivers/crypto/talitos.c |
584 |
++++ b/drivers/crypto/talitos.c |
585 |
+@@ -1426,6 +1426,18 @@ static void unmap_sg_talitos_ptr(struct device *dev, struct scatterlist *src, |
586 |
+ } |
587 |
+ } |
588 |
+ |
589 |
++static int ablkcipher_aes_setkey(struct crypto_ablkcipher *cipher, |
590 |
++ const u8 *key, unsigned int keylen) |
591 |
++{ |
592 |
++ if (keylen == AES_KEYSIZE_128 || keylen == AES_KEYSIZE_192 || |
593 |
++ keylen == AES_KEYSIZE_256) |
594 |
++ return ablkcipher_setkey(cipher, key, keylen); |
595 |
++ |
596 |
++ crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN); |
597 |
++ |
598 |
++ return -EINVAL; |
599 |
++} |
600 |
++ |
601 |
+ static void common_nonsnoop_unmap(struct device *dev, |
602 |
+ struct talitos_edesc *edesc, |
603 |
+ struct ablkcipher_request *areq) |
604 |
+@@ -1629,6 +1641,14 @@ static int ablkcipher_encrypt(struct ablkcipher_request *areq) |
605 |
+ struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(areq); |
606 |
+ struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher); |
607 |
+ struct talitos_edesc *edesc; |
608 |
++ unsigned int blocksize = |
609 |
++ crypto_tfm_alg_blocksize(crypto_ablkcipher_tfm(cipher)); |
610 |
++ |
611 |
++ if (!areq->nbytes) |
612 |
++ return 0; |
613 |
++ |
614 |
++ if (areq->nbytes % blocksize) |
615 |
++ return -EINVAL; |
616 |
+ |
617 |
+ /* allocate extended descriptor */ |
618 |
+ edesc = ablkcipher_edesc_alloc(areq, true); |
619 |
+@@ -1646,6 +1666,14 @@ static int ablkcipher_decrypt(struct ablkcipher_request *areq) |
620 |
+ struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(areq); |
621 |
+ struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher); |
622 |
+ struct talitos_edesc *edesc; |
623 |
++ unsigned int blocksize = |
624 |
++ crypto_tfm_alg_blocksize(crypto_ablkcipher_tfm(cipher)); |
625 |
++ |
626 |
++ if (!areq->nbytes) |
627 |
++ return 0; |
628 |
++ |
629 |
++ if (areq->nbytes % blocksize) |
630 |
++ return -EINVAL; |
631 |
+ |
632 |
+ /* allocate extended descriptor */ |
633 |
+ edesc = ablkcipher_edesc_alloc(areq, false); |
634 |
+@@ -2379,6 +2407,7 @@ static struct talitos_alg_template driver_algs[] = { |
635 |
+ .min_keysize = AES_MIN_KEY_SIZE, |
636 |
+ .max_keysize = AES_MAX_KEY_SIZE, |
637 |
+ .ivsize = AES_BLOCK_SIZE, |
638 |
++ .setkey = ablkcipher_aes_setkey, |
639 |
+ } |
640 |
+ }, |
641 |
+ .desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU | |
642 |
+diff --git a/drivers/dma/omap-dma.c b/drivers/dma/omap-dma.c |
643 |
+index 1dfc71c90123..57b6e6ca14a8 100644 |
644 |
+--- a/drivers/dma/omap-dma.c |
645 |
++++ b/drivers/dma/omap-dma.c |
646 |
+@@ -1199,8 +1199,10 @@ static int omap_dma_probe(struct platform_device *pdev) |
647 |
+ |
648 |
+ rc = devm_request_irq(&pdev->dev, irq, omap_dma_irq, |
649 |
+ IRQF_SHARED, "omap-dma-engine", od); |
650 |
+- if (rc) |
651 |
++ if (rc) { |
652 |
++ omap_dma_free(od); |
653 |
+ return rc; |
654 |
++ } |
655 |
+ } |
656 |
+ |
657 |
+ rc = dma_async_device_register(&od->ddev); |
658 |
+diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c |
659 |
+index 6a2df3297e77..691ad069444d 100644 |
660 |
+--- a/drivers/isdn/capi/capi.c |
661 |
++++ b/drivers/isdn/capi/capi.c |
662 |
+@@ -687,6 +687,9 @@ capi_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos |
663 |
+ if (!cdev->ap.applid) |
664 |
+ return -ENODEV; |
665 |
+ |
666 |
++ if (count < CAPIMSG_BASELEN) |
667 |
++ return -EINVAL; |
668 |
++ |
669 |
+ skb = alloc_skb(count, GFP_USER); |
670 |
+ if (!skb) |
671 |
+ return -ENOMEM; |
672 |
+@@ -697,7 +700,8 @@ capi_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos |
673 |
+ } |
674 |
+ mlen = CAPIMSG_LEN(skb->data); |
675 |
+ if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_REQ) { |
676 |
+- if ((size_t)(mlen + CAPIMSG_DATALEN(skb->data)) != count) { |
677 |
++ if (count < CAPI_DATA_B3_REQ_LEN || |
678 |
++ (size_t)(mlen + CAPIMSG_DATALEN(skb->data)) != count) { |
679 |
+ kfree_skb(skb); |
680 |
+ return -EINVAL; |
681 |
+ } |
682 |
+@@ -710,6 +714,10 @@ capi_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos |
683 |
+ CAPIMSG_SETAPPID(skb->data, cdev->ap.applid); |
684 |
+ |
685 |
+ if (CAPIMSG_CMD(skb->data) == CAPI_DISCONNECT_B3_RESP) { |
686 |
++ if (count < CAPI_DISCONNECT_B3_RESP_LEN) { |
687 |
++ kfree_skb(skb); |
688 |
++ return -EINVAL; |
689 |
++ } |
690 |
+ mutex_lock(&cdev->lock); |
691 |
+ capincci_free(cdev, CAPIMSG_NCCI(skb->data)); |
692 |
+ mutex_unlock(&cdev->lock); |
693 |
+diff --git a/drivers/media/usb/dvb-usb/technisat-usb2.c b/drivers/media/usb/dvb-usb/technisat-usb2.c |
694 |
+index 6c3c47722955..30a8c21ed736 100644 |
695 |
+--- a/drivers/media/usb/dvb-usb/technisat-usb2.c |
696 |
++++ b/drivers/media/usb/dvb-usb/technisat-usb2.c |
697 |
+@@ -594,9 +594,9 @@ static int technisat_usb2_frontend_attach(struct dvb_usb_adapter *a) |
698 |
+ |
699 |
+ static int technisat_usb2_get_ir(struct dvb_usb_device *d) |
700 |
+ { |
701 |
+- u8 buf[62], *b; |
702 |
+- int ret; |
703 |
++ u8 buf[62]; |
704 |
+ struct ir_raw_event ev; |
705 |
++ int i, ret; |
706 |
+ |
707 |
+ buf[0] = GET_IR_DATA_VENDOR_REQUEST; |
708 |
+ buf[1] = 0x08; |
709 |
+@@ -632,26 +632,25 @@ unlock: |
710 |
+ return 0; /* no key pressed */ |
711 |
+ |
712 |
+ /* decoding */ |
713 |
+- b = buf+1; |
714 |
+ |
715 |
+ #if 0 |
716 |
+ deb_rc("RC: %d ", ret); |
717 |
+- debug_dump(b, ret, deb_rc); |
718 |
++ debug_dump(buf + 1, ret, deb_rc); |
719 |
+ #endif |
720 |
+ |
721 |
+ ev.pulse = 0; |
722 |
+- while (1) { |
723 |
+- ev.pulse = !ev.pulse; |
724 |
+- ev.duration = (*b * FIRMWARE_CLOCK_DIVISOR * FIRMWARE_CLOCK_TICK) / 1000; |
725 |
+- ir_raw_event_store(d->rc_dev, &ev); |
726 |
+- |
727 |
+- b++; |
728 |
+- if (*b == 0xff) { |
729 |
++ for (i = 1; i < ARRAY_SIZE(buf); i++) { |
730 |
++ if (buf[i] == 0xff) { |
731 |
+ ev.pulse = 0; |
732 |
+ ev.duration = 888888*2; |
733 |
+ ir_raw_event_store(d->rc_dev, &ev); |
734 |
+ break; |
735 |
+ } |
736 |
++ |
737 |
++ ev.pulse = !ev.pulse; |
738 |
++ ev.duration = (buf[i] * FIRMWARE_CLOCK_DIVISOR * |
739 |
++ FIRMWARE_CLOCK_TICK) / 1000; |
740 |
++ ir_raw_event_store(d->rc_dev, &ev); |
741 |
+ } |
742 |
+ |
743 |
+ ir_raw_event_handle(d->rc_dev); |
744 |
+diff --git a/drivers/media/usb/tm6000/tm6000-dvb.c b/drivers/media/usb/tm6000/tm6000-dvb.c |
745 |
+index 4f317e2686e9..87401b18d85a 100644 |
746 |
+--- a/drivers/media/usb/tm6000/tm6000-dvb.c |
747 |
++++ b/drivers/media/usb/tm6000/tm6000-dvb.c |
748 |
+@@ -111,6 +111,7 @@ static void tm6000_urb_received(struct urb *urb) |
749 |
+ printk(KERN_ERR "tm6000: error %s\n", __func__); |
750 |
+ kfree(urb->transfer_buffer); |
751 |
+ usb_free_urb(urb); |
752 |
++ dev->dvb->bulk_urb = NULL; |
753 |
+ } |
754 |
+ } |
755 |
+ } |
756 |
+@@ -143,6 +144,7 @@ static int tm6000_start_stream(struct tm6000_core *dev) |
757 |
+ dvb->bulk_urb->transfer_buffer = kzalloc(size, GFP_KERNEL); |
758 |
+ if (dvb->bulk_urb->transfer_buffer == NULL) { |
759 |
+ usb_free_urb(dvb->bulk_urb); |
760 |
++ dvb->bulk_urb = NULL; |
761 |
+ printk(KERN_ERR "tm6000: couldn't allocate transfer buffer!\n"); |
762 |
+ return -ENOMEM; |
763 |
+ } |
764 |
+@@ -170,6 +172,7 @@ static int tm6000_start_stream(struct tm6000_core *dev) |
765 |
+ |
766 |
+ kfree(dvb->bulk_urb->transfer_buffer); |
767 |
+ usb_free_urb(dvb->bulk_urb); |
768 |
++ dvb->bulk_urb = NULL; |
769 |
+ return ret; |
770 |
+ } |
771 |
+ |
772 |
+diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c |
773 |
+index dcd72b2a3715..8ba9eadc2079 100644 |
774 |
+--- a/drivers/net/ethernet/marvell/sky2.c |
775 |
++++ b/drivers/net/ethernet/marvell/sky2.c |
776 |
+@@ -4946,6 +4946,13 @@ static const struct dmi_system_id msi_blacklist[] = { |
777 |
+ DMI_MATCH(DMI_BOARD_NAME, "P6T"), |
778 |
+ }, |
779 |
+ }, |
780 |
++ { |
781 |
++ .ident = "ASUS P6X", |
782 |
++ .matches = { |
783 |
++ DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK Computer INC."), |
784 |
++ DMI_MATCH(DMI_BOARD_NAME, "P6X"), |
785 |
++ }, |
786 |
++ }, |
787 |
+ {} |
788 |
+ }; |
789 |
+ |
790 |
+diff --git a/drivers/net/ethernet/seeq/sgiseeq.c b/drivers/net/ethernet/seeq/sgiseeq.c |
791 |
+index ca7336605748..2e5f7bbd30bf 100644 |
792 |
+--- a/drivers/net/ethernet/seeq/sgiseeq.c |
793 |
++++ b/drivers/net/ethernet/seeq/sgiseeq.c |
794 |
+@@ -792,15 +792,16 @@ static int sgiseeq_probe(struct platform_device *pdev) |
795 |
+ printk(KERN_ERR "Sgiseeq: Cannot register net device, " |
796 |
+ "aborting.\n"); |
797 |
+ err = -ENODEV; |
798 |
+- goto err_out_free_page; |
799 |
++ goto err_out_free_attrs; |
800 |
+ } |
801 |
+ |
802 |
+ printk(KERN_INFO "%s: %s %pM\n", dev->name, sgiseeqstr, dev->dev_addr); |
803 |
+ |
804 |
+ return 0; |
805 |
+ |
806 |
+-err_out_free_page: |
807 |
+- free_page((unsigned long) sp->srings); |
808 |
++err_out_free_attrs: |
809 |
++ dma_free_attrs(&pdev->dev, sizeof(*sp->srings), sp->srings, |
810 |
++ sp->srings_dma, DMA_ATTR_NON_CONSISTENT); |
811 |
+ err_out_free_dev: |
812 |
+ free_netdev(dev); |
813 |
+ |
814 |
+diff --git a/drivers/net/tun.c b/drivers/net/tun.c |
815 |
+index fd9ff9eff237..2b7a3631b882 100644 |
816 |
+--- a/drivers/net/tun.c |
817 |
++++ b/drivers/net/tun.c |
818 |
+@@ -597,7 +597,8 @@ static void tun_detach_all(struct net_device *dev) |
819 |
+ module_put(THIS_MODULE); |
820 |
+ } |
821 |
+ |
822 |
+-static int tun_attach(struct tun_struct *tun, struct file *file, bool skip_filter) |
823 |
++static int tun_attach(struct tun_struct *tun, struct file *file, |
824 |
++ bool skip_filter, bool publish_tun) |
825 |
+ { |
826 |
+ struct tun_file *tfile = file->private_data; |
827 |
+ int err; |
828 |
+@@ -630,7 +631,8 @@ static int tun_attach(struct tun_struct *tun, struct file *file, bool skip_filte |
829 |
+ } |
830 |
+ tfile->queue_index = tun->numqueues; |
831 |
+ tfile->socket.sk->sk_shutdown &= ~RCV_SHUTDOWN; |
832 |
+- rcu_assign_pointer(tfile->tun, tun); |
833 |
++ if (publish_tun) |
834 |
++ rcu_assign_pointer(tfile->tun, tun); |
835 |
+ rcu_assign_pointer(tun->tfiles[tun->numqueues], tfile); |
836 |
+ tun->numqueues++; |
837 |
+ |
838 |
+@@ -1641,7 +1643,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) |
839 |
+ if (err < 0) |
840 |
+ return err; |
841 |
+ |
842 |
+- err = tun_attach(tun, file, ifr->ifr_flags & IFF_NOFILTER); |
843 |
++ err = tun_attach(tun, file, ifr->ifr_flags & IFF_NOFILTER, true); |
844 |
+ if (err < 0) |
845 |
+ return err; |
846 |
+ |
847 |
+@@ -1722,13 +1724,17 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) |
848 |
+ NETIF_F_HW_VLAN_STAG_TX); |
849 |
+ |
850 |
+ INIT_LIST_HEAD(&tun->disabled); |
851 |
+- err = tun_attach(tun, file, false); |
852 |
++ err = tun_attach(tun, file, false, false); |
853 |
+ if (err < 0) |
854 |
+ goto err_free_flow; |
855 |
+ |
856 |
+ err = register_netdevice(tun->dev); |
857 |
+ if (err < 0) |
858 |
+ goto err_detach; |
859 |
++ /* free_netdev() won't check refcnt, to aovid race |
860 |
++ * with dev_put() we need publish tun after registration. |
861 |
++ */ |
862 |
++ rcu_assign_pointer(tfile->tun, tun); |
863 |
+ } |
864 |
+ |
865 |
+ netif_carrier_on(tun->dev); |
866 |
+@@ -1867,7 +1873,7 @@ static int tun_set_queue(struct file *file, struct ifreq *ifr) |
867 |
+ ret = security_tun_dev_attach_queue(tun->security); |
868 |
+ if (ret < 0) |
869 |
+ goto unlock; |
870 |
+- ret = tun_attach(tun, file, false); |
871 |
++ ret = tun_attach(tun, file, false, true); |
872 |
+ } else if (ifr->ifr_flags & IFF_DETACH_QUEUE) { |
873 |
+ tun = rtnl_dereference(tfile->tun); |
874 |
+ if (!tun || !(tun->flags & IFF_MULTI_QUEUE) || tfile->detached) |
875 |
+diff --git a/drivers/net/usb/cdc_ether.c b/drivers/net/usb/cdc_ether.c |
876 |
+index f71abe50ea6f..3707aab2423b 100644 |
877 |
+--- a/drivers/net/usb/cdc_ether.c |
878 |
++++ b/drivers/net/usb/cdc_ether.c |
879 |
+@@ -212,9 +212,16 @@ int usbnet_generic_cdc_bind(struct usbnet *dev, struct usb_interface *intf) |
880 |
+ goto bad_desc; |
881 |
+ } |
882 |
+ skip: |
883 |
+- if ( rndis && |
884 |
+- header.usb_cdc_acm_descriptor && |
885 |
+- header.usb_cdc_acm_descriptor->bmCapabilities) { |
886 |
++ /* Communcation class functions with bmCapabilities are not |
887 |
++ * RNDIS. But some Wireless class RNDIS functions use |
888 |
++ * bmCapabilities for their own purpose. The failsafe is |
889 |
++ * therefore applied only to Communication class RNDIS |
890 |
++ * functions. The rndis test is redundant, but a cheap |
891 |
++ * optimization. |
892 |
++ */ |
893 |
++ if (rndis && is_rndis(&intf->cur_altsetting->desc) && |
894 |
++ header.usb_cdc_acm_descriptor && |
895 |
++ header.usb_cdc_acm_descriptor->bmCapabilities) { |
896 |
+ dev_dbg(&intf->dev, |
897 |
+ "ACM capabilities %02x, not really RNDIS?\n", |
898 |
+ header.usb_cdc_acm_descriptor->bmCapabilities); |
899 |
+diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c |
900 |
+index 2d83689374bb..10dd307593e8 100644 |
901 |
+--- a/drivers/net/usb/r8152.c |
902 |
++++ b/drivers/net/usb/r8152.c |
903 |
+@@ -671,8 +671,11 @@ int get_registers(struct r8152 *tp, u16 value, u16 index, u16 size, void *data) |
904 |
+ ret = usb_control_msg(tp->udev, usb_rcvctrlpipe(tp->udev, 0), |
905 |
+ RTL8152_REQ_GET_REGS, RTL8152_REQT_READ, |
906 |
+ value, index, tmp, size, 500); |
907 |
++ if (ret < 0) |
908 |
++ memset(data, 0xff, size); |
909 |
++ else |
910 |
++ memcpy(data, tmp, size); |
911 |
+ |
912 |
+- memcpy(data, tmp, size); |
913 |
+ kfree(tmp); |
914 |
+ |
915 |
+ return ret; |
916 |
+diff --git a/drivers/net/wireless/mwifiex/ie.c b/drivers/net/wireless/mwifiex/ie.c |
917 |
+index de8435709735..4255fb8dd58a 100644 |
918 |
+--- a/drivers/net/wireless/mwifiex/ie.c |
919 |
++++ b/drivers/net/wireless/mwifiex/ie.c |
920 |
+@@ -240,6 +240,9 @@ static int mwifiex_update_vs_ie(const u8 *ies, int ies_len, |
921 |
+ } |
922 |
+ |
923 |
+ vs_ie = (struct ieee_types_header *)vendor_ie; |
924 |
++ if (le16_to_cpu(ie->ie_length) + vs_ie->len + 2 > |
925 |
++ IEEE_MAX_IE_SIZE) |
926 |
++ return -EINVAL; |
927 |
+ memcpy(ie->ie_buffer + le16_to_cpu(ie->ie_length), |
928 |
+ vs_ie, vs_ie->len + 2); |
929 |
+ le16_add_cpu(&ie->ie_length, vs_ie->len + 2); |
930 |
+diff --git a/drivers/net/wireless/mwifiex/uap_cmd.c b/drivers/net/wireless/mwifiex/uap_cmd.c |
931 |
+index 759a6ada5b0f..60bba1ca24e6 100644 |
932 |
+--- a/drivers/net/wireless/mwifiex/uap_cmd.c |
933 |
++++ b/drivers/net/wireless/mwifiex/uap_cmd.c |
934 |
+@@ -286,6 +286,8 @@ mwifiex_set_uap_rates(struct mwifiex_uap_bss_param *bss_cfg, |
935 |
+ |
936 |
+ rate_ie = (void *)cfg80211_find_ie(WLAN_EID_SUPP_RATES, var_pos, len); |
937 |
+ if (rate_ie) { |
938 |
++ if (rate_ie->len > MWIFIEX_SUPPORTED_RATES) |
939 |
++ return; |
940 |
+ memcpy(bss_cfg->rates, rate_ie + 1, rate_ie->len); |
941 |
+ rate_len = rate_ie->len; |
942 |
+ } |
943 |
+@@ -293,8 +295,11 @@ mwifiex_set_uap_rates(struct mwifiex_uap_bss_param *bss_cfg, |
944 |
+ rate_ie = (void *)cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, |
945 |
+ params->beacon.tail, |
946 |
+ params->beacon.tail_len); |
947 |
+- if (rate_ie) |
948 |
++ if (rate_ie) { |
949 |
++ if (rate_ie->len > MWIFIEX_SUPPORTED_RATES - rate_len) |
950 |
++ return; |
951 |
+ memcpy(bss_cfg->rates + rate_len, rate_ie + 1, rate_ie->len); |
952 |
++ } |
953 |
+ |
954 |
+ return; |
955 |
+ } |
956 |
+@@ -412,6 +417,8 @@ mwifiex_set_wmm_params(struct mwifiex_private *priv, |
957 |
+ params->beacon.tail_len); |
958 |
+ if (vendor_ie) { |
959 |
+ wmm_ie = (struct ieee_types_header *)vendor_ie; |
960 |
++ if (*(vendor_ie + 1) > sizeof(struct mwifiex_types_wmm_info)) |
961 |
++ return; |
962 |
+ memcpy(&bss_cfg->wmm_info, wmm_ie + 1, |
963 |
+ sizeof(bss_cfg->wmm_info)); |
964 |
+ priv->wmm_enabled = 1; |
965 |
+diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c |
966 |
+index 6f55ab4f7959..574c93a24180 100644 |
967 |
+--- a/drivers/net/xen-netfront.c |
968 |
++++ b/drivers/net/xen-netfront.c |
969 |
+@@ -893,7 +893,7 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue, |
970 |
+ __pskb_pull_tail(skb, pull_to - skb_headlen(skb)); |
971 |
+ } |
972 |
+ if (unlikely(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS)) { |
973 |
+- queue->rx.rsp_cons = ++cons; |
974 |
++ queue->rx.rsp_cons = ++cons + skb_queue_len(list); |
975 |
+ kfree_skb(nskb); |
976 |
+ return ~0U; |
977 |
+ } |
978 |
+diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c |
979 |
+index fc46c8cf5fcd..3bd19de7df71 100644 |
980 |
+--- a/drivers/tty/serial/atmel_serial.c |
981 |
++++ b/drivers/tty/serial/atmel_serial.c |
982 |
+@@ -1275,7 +1275,6 @@ atmel_handle_transmit(struct uart_port *port, unsigned int pending) |
983 |
+ |
984 |
+ atmel_port->hd_start_rx = false; |
985 |
+ atmel_start_rx(port); |
986 |
+- return; |
987 |
+ } |
988 |
+ |
989 |
+ tasklet_schedule(&atmel_port->tasklet); |
990 |
+diff --git a/drivers/tty/serial/sprd_serial.c b/drivers/tty/serial/sprd_serial.c |
991 |
+index c894eca57e73..82e00ac6f7e3 100644 |
992 |
+--- a/drivers/tty/serial/sprd_serial.c |
993 |
++++ b/drivers/tty/serial/sprd_serial.c |
994 |
+@@ -240,7 +240,7 @@ static inline void sprd_rx(struct uart_port *port) |
995 |
+ |
996 |
+ if (lsr & (SPRD_LSR_BI | SPRD_LSR_PE | |
997 |
+ SPRD_LSR_FE | SPRD_LSR_OE)) |
998 |
+- if (handle_lsr_errors(port, &lsr, &flag)) |
999 |
++ if (handle_lsr_errors(port, &flag, &lsr)) |
1000 |
+ continue; |
1001 |
+ if (uart_handle_sysrq_char(port, ch)) |
1002 |
+ continue; |
1003 |
+diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c |
1004 |
+index aef208585544..5abc4e5434ec 100644 |
1005 |
+--- a/drivers/usb/core/config.c |
1006 |
++++ b/drivers/usb/core/config.c |
1007 |
+@@ -891,7 +891,7 @@ int usb_get_bos_descriptor(struct usb_device *dev) |
1008 |
+ struct usb_bos_descriptor *bos; |
1009 |
+ struct usb_dev_cap_header *cap; |
1010 |
+ struct usb_ssp_cap_descriptor *ssp_cap; |
1011 |
+- unsigned char *buffer; |
1012 |
++ unsigned char *buffer, *buffer0; |
1013 |
+ int length, total_len, num, i, ssac; |
1014 |
+ __u8 cap_type; |
1015 |
+ int ret; |
1016 |
+@@ -936,10 +936,12 @@ int usb_get_bos_descriptor(struct usb_device *dev) |
1017 |
+ ret = -ENOMSG; |
1018 |
+ goto err; |
1019 |
+ } |
1020 |
++ |
1021 |
++ buffer0 = buffer; |
1022 |
+ total_len -= length; |
1023 |
++ buffer += length; |
1024 |
+ |
1025 |
+ for (i = 0; i < num; i++) { |
1026 |
+- buffer += length; |
1027 |
+ cap = (struct usb_dev_cap_header *)buffer; |
1028 |
+ |
1029 |
+ if (total_len < sizeof(*cap) || total_len < cap->bLength) { |
1030 |
+@@ -953,8 +955,6 @@ int usb_get_bos_descriptor(struct usb_device *dev) |
1031 |
+ break; |
1032 |
+ } |
1033 |
+ |
1034 |
+- total_len -= length; |
1035 |
+- |
1036 |
+ if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) { |
1037 |
+ dev_warn(ddev, "descriptor type invalid, skip\n"); |
1038 |
+ continue; |
1039 |
+@@ -989,7 +989,11 @@ int usb_get_bos_descriptor(struct usb_device *dev) |
1040 |
+ default: |
1041 |
+ break; |
1042 |
+ } |
1043 |
++ |
1044 |
++ total_len -= length; |
1045 |
++ buffer += length; |
1046 |
+ } |
1047 |
++ dev->bos->desc->wTotalLength = cpu_to_le16(buffer - buffer0); |
1048 |
+ |
1049 |
+ return 0; |
1050 |
+ |
1051 |
+diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c |
1052 |
+index 57a46093656a..f9c3907bf159 100644 |
1053 |
+--- a/fs/btrfs/tree-log.c |
1054 |
++++ b/fs/btrfs/tree-log.c |
1055 |
+@@ -5133,7 +5133,7 @@ process_leaf: |
1056 |
+ } |
1057 |
+ |
1058 |
+ if (btrfs_inode_in_log(di_inode, trans->transid)) { |
1059 |
+- iput(di_inode); |
1060 |
++ btrfs_add_delayed_iput(di_inode); |
1061 |
+ continue; |
1062 |
+ } |
1063 |
+ |
1064 |
+@@ -5143,7 +5143,7 @@ process_leaf: |
1065 |
+ btrfs_release_path(path); |
1066 |
+ ret = btrfs_log_inode(trans, root, di_inode, |
1067 |
+ log_mode, 0, LLONG_MAX, ctx); |
1068 |
+- iput(di_inode); |
1069 |
++ btrfs_add_delayed_iput(di_inode); |
1070 |
+ if (ret) |
1071 |
+ goto next_dir_inode; |
1072 |
+ if (ctx->log_new_dentries) { |
1073 |
+@@ -5281,7 +5281,7 @@ static int btrfs_log_all_parents(struct btrfs_trans_handle *trans, |
1074 |
+ |
1075 |
+ ret = btrfs_log_inode(trans, root, dir_inode, |
1076 |
+ LOG_INODE_ALL, 0, LLONG_MAX, ctx); |
1077 |
+- iput(dir_inode); |
1078 |
++ btrfs_add_delayed_iput(dir_inode); |
1079 |
+ if (ret) |
1080 |
+ goto out; |
1081 |
+ } |
1082 |
+diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c |
1083 |
+index 9cb72fd40eff..63108343124a 100644 |
1084 |
+--- a/fs/cifs/connect.c |
1085 |
++++ b/fs/cifs/connect.c |
1086 |
+@@ -2466,6 +2466,7 @@ static int |
1087 |
+ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses) |
1088 |
+ { |
1089 |
+ int rc = 0; |
1090 |
++ int is_domain = 0; |
1091 |
+ const char *delim, *payload; |
1092 |
+ char *desc; |
1093 |
+ ssize_t len; |
1094 |
+@@ -2513,6 +2514,7 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses) |
1095 |
+ rc = PTR_ERR(key); |
1096 |
+ goto out_err; |
1097 |
+ } |
1098 |
++ is_domain = 1; |
1099 |
+ } |
1100 |
+ |
1101 |
+ down_read(&key->sem); |
1102 |
+@@ -2570,6 +2572,26 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses) |
1103 |
+ goto out_key_put; |
1104 |
+ } |
1105 |
+ |
1106 |
++ /* |
1107 |
++ * If we have a domain key then we must set the domainName in the |
1108 |
++ * for the request. |
1109 |
++ */ |
1110 |
++ if (is_domain && ses->domainName) { |
1111 |
++ vol->domainname = kstrndup(ses->domainName, |
1112 |
++ strlen(ses->domainName), |
1113 |
++ GFP_KERNEL); |
1114 |
++ if (!vol->domainname) { |
1115 |
++ cifs_dbg(FYI, "Unable to allocate %zd bytes for " |
1116 |
++ "domain\n", len); |
1117 |
++ rc = -ENOMEM; |
1118 |
++ kfree(vol->username); |
1119 |
++ vol->username = NULL; |
1120 |
++ kzfree(vol->password); |
1121 |
++ vol->password = NULL; |
1122 |
++ goto out_key_put; |
1123 |
++ } |
1124 |
++ } |
1125 |
++ |
1126 |
+ out_key_put: |
1127 |
+ up_read(&key->sem); |
1128 |
+ key_put(key); |
1129 |
+diff --git a/fs/nfs/nfs4file.c b/fs/nfs/nfs4file.c |
1130 |
+index d3e3761eacfa..c5e884585c23 100644 |
1131 |
+--- a/fs/nfs/nfs4file.c |
1132 |
++++ b/fs/nfs/nfs4file.c |
1133 |
+@@ -73,13 +73,13 @@ nfs4_file_open(struct inode *inode, struct file *filp) |
1134 |
+ if (IS_ERR(inode)) { |
1135 |
+ err = PTR_ERR(inode); |
1136 |
+ switch (err) { |
1137 |
+- case -EPERM: |
1138 |
+- case -EACCES: |
1139 |
+- case -EDQUOT: |
1140 |
+- case -ENOSPC: |
1141 |
+- case -EROFS: |
1142 |
+- goto out_put_ctx; |
1143 |
+ default: |
1144 |
++ goto out_put_ctx; |
1145 |
++ case -ENOENT: |
1146 |
++ case -ESTALE: |
1147 |
++ case -EISDIR: |
1148 |
++ case -ENOTDIR: |
1149 |
++ case -ELOOP: |
1150 |
+ goto out_drop; |
1151 |
+ } |
1152 |
+ } |
1153 |
+diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c |
1154 |
+index 8a2077408ab0..af1bb7353792 100644 |
1155 |
+--- a/fs/nfs/pagelist.c |
1156 |
++++ b/fs/nfs/pagelist.c |
1157 |
+@@ -593,7 +593,7 @@ static void nfs_pgio_rpcsetup(struct nfs_pgio_header *hdr, |
1158 |
+ } |
1159 |
+ |
1160 |
+ hdr->res.fattr = &hdr->fattr; |
1161 |
+- hdr->res.count = count; |
1162 |
++ hdr->res.count = 0; |
1163 |
+ hdr->res.eof = 0; |
1164 |
+ hdr->res.verf = &hdr->verf; |
1165 |
+ nfs_fattr_init(&hdr->fattr); |
1166 |
+diff --git a/fs/nfs/proc.c b/fs/nfs/proc.c |
1167 |
+index b417bbcd9704..b83e14ad13c4 100644 |
1168 |
+--- a/fs/nfs/proc.c |
1169 |
++++ b/fs/nfs/proc.c |
1170 |
+@@ -588,7 +588,8 @@ static int nfs_read_done(struct rpc_task *task, struct nfs_pgio_header *hdr) |
1171 |
+ /* Emulate the eof flag, which isn't normally needed in NFSv2 |
1172 |
+ * as it is guaranteed to always return the file attributes |
1173 |
+ */ |
1174 |
+- if (hdr->args.offset + hdr->res.count >= hdr->res.fattr->size) |
1175 |
++ if ((hdr->res.count == 0 && hdr->args.count > 0) || |
1176 |
++ hdr->args.offset + hdr->res.count >= hdr->res.fattr->size) |
1177 |
+ hdr->res.eof = 1; |
1178 |
+ } |
1179 |
+ return 0; |
1180 |
+@@ -609,8 +610,10 @@ static int nfs_proc_pgio_rpc_prepare(struct rpc_task *task, |
1181 |
+ |
1182 |
+ static int nfs_write_done(struct rpc_task *task, struct nfs_pgio_header *hdr) |
1183 |
+ { |
1184 |
+- if (task->tk_status >= 0) |
1185 |
++ if (task->tk_status >= 0) { |
1186 |
++ hdr->res.count = hdr->args.count; |
1187 |
+ nfs_writeback_update_inode(hdr); |
1188 |
++ } |
1189 |
+ return 0; |
1190 |
+ } |
1191 |
+ |
1192 |
+diff --git a/include/uapi/linux/isdn/capicmd.h b/include/uapi/linux/isdn/capicmd.h |
1193 |
+index b58635f722da..ae1e1fba2e13 100644 |
1194 |
+--- a/include/uapi/linux/isdn/capicmd.h |
1195 |
++++ b/include/uapi/linux/isdn/capicmd.h |
1196 |
+@@ -15,6 +15,7 @@ |
1197 |
+ #define CAPI_MSG_BASELEN 8 |
1198 |
+ #define CAPI_DATA_B3_REQ_LEN (CAPI_MSG_BASELEN+4+4+2+2+2) |
1199 |
+ #define CAPI_DATA_B3_RESP_LEN (CAPI_MSG_BASELEN+4+2) |
1200 |
++#define CAPI_DISCONNECT_B3_RESP_LEN (CAPI_MSG_BASELEN+4) |
1201 |
+ |
1202 |
+ /*----- CAPI commands -----*/ |
1203 |
+ #define CAPI_ALERT 0x01 |
1204 |
+diff --git a/kernel/irq/resend.c b/kernel/irq/resend.c |
1205 |
+index b86886beee4f..867fb0ed4aa6 100644 |
1206 |
+--- a/kernel/irq/resend.c |
1207 |
++++ b/kernel/irq/resend.c |
1208 |
+@@ -37,6 +37,8 @@ static void resend_irqs(unsigned long arg) |
1209 |
+ irq = find_first_bit(irqs_resend, nr_irqs); |
1210 |
+ clear_bit(irq, irqs_resend); |
1211 |
+ desc = irq_to_desc(irq); |
1212 |
++ if (!desc) |
1213 |
++ continue; |
1214 |
+ local_irq_disable(); |
1215 |
+ desc->handle_irq(desc); |
1216 |
+ local_irq_enable(); |
1217 |
+diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c |
1218 |
+index cd8deea2d074..db6b65a5f811 100644 |
1219 |
+--- a/net/bridge/br_mdb.c |
1220 |
++++ b/net/bridge/br_mdb.c |
1221 |
+@@ -256,7 +256,7 @@ static int nlmsg_populate_rtr_fill(struct sk_buff *skb, |
1222 |
+ struct nlmsghdr *nlh; |
1223 |
+ struct nlattr *nest; |
1224 |
+ |
1225 |
+- nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), NLM_F_MULTI); |
1226 |
++ nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), 0); |
1227 |
+ if (!nlh) |
1228 |
+ return -EMSGSIZE; |
1229 |
+ |
1230 |
+diff --git a/net/core/dev.c b/net/core/dev.c |
1231 |
+index 152e1e6316e6..18a5154e2f25 100644 |
1232 |
+--- a/net/core/dev.c |
1233 |
++++ b/net/core/dev.c |
1234 |
+@@ -6837,6 +6837,8 @@ int register_netdevice(struct net_device *dev) |
1235 |
+ ret = notifier_to_errno(ret); |
1236 |
+ if (ret) { |
1237 |
+ rollback_registered(dev); |
1238 |
++ rcu_barrier(); |
1239 |
++ |
1240 |
+ dev->reg_state = NETREG_UNREGISTERED; |
1241 |
+ } |
1242 |
+ /* |
1243 |
+diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c |
1244 |
+index 30c5500b0899..b0677b265b48 100644 |
1245 |
+--- a/net/ipv4/tcp_input.c |
1246 |
++++ b/net/ipv4/tcp_input.c |
1247 |
+@@ -225,7 +225,7 @@ static void tcp_ecn_accept_cwr(struct tcp_sock *tp, const struct sk_buff *skb) |
1248 |
+ |
1249 |
+ static void tcp_ecn_withdraw_cwr(struct tcp_sock *tp) |
1250 |
+ { |
1251 |
+- tp->ecn_flags &= ~TCP_ECN_DEMAND_CWR; |
1252 |
++ tp->ecn_flags &= ~TCP_ECN_QUEUE_CWR; |
1253 |
+ } |
1254 |
+ |
1255 |
+ static void __tcp_ecn_check_ce(struct sock *sk, const struct sk_buff *skb) |
1256 |
+diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c |
1257 |
+index a830b68e63c9..c846cff26933 100644 |
1258 |
+--- a/net/ipv6/ping.c |
1259 |
++++ b/net/ipv6/ping.c |
1260 |
+@@ -234,7 +234,7 @@ static int __net_init ping_v6_proc_init_net(struct net *net) |
1261 |
+ return ping_proc_register(net, &ping_v6_seq_afinfo); |
1262 |
+ } |
1263 |
+ |
1264 |
+-static void __net_init ping_v6_proc_exit_net(struct net *net) |
1265 |
++static void __net_exit ping_v6_proc_exit_net(struct net *net) |
1266 |
+ { |
1267 |
+ return ping_proc_unregister(net, &ping_v6_seq_afinfo); |
1268 |
+ } |
1269 |
+diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c |
1270 |
+index b666959f17c0..b7c13179fa40 100644 |
1271 |
+--- a/net/netfilter/nf_conntrack_ftp.c |
1272 |
++++ b/net/netfilter/nf_conntrack_ftp.c |
1273 |
+@@ -334,7 +334,7 @@ static int find_pattern(const char *data, size_t dlen, |
1274 |
+ i++; |
1275 |
+ } |
1276 |
+ |
1277 |
+- pr_debug("Skipped up to `%c'!\n", skip); |
1278 |
++ pr_debug("Skipped up to 0x%hhx delimiter!\n", skip); |
1279 |
+ |
1280 |
+ *numoff = i; |
1281 |
+ *numlen = getnum(data + i, dlen - i, cmd, term, numoff); |
1282 |
+diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c |
1283 |
+index aa4725038f94..eec6dc2d3152 100644 |
1284 |
+--- a/net/sched/sch_generic.c |
1285 |
++++ b/net/sched/sch_generic.c |
1286 |
+@@ -671,7 +671,11 @@ static void qdisc_rcu_free(struct rcu_head *head) |
1287 |
+ |
1288 |
+ void qdisc_destroy(struct Qdisc *qdisc) |
1289 |
+ { |
1290 |
+- const struct Qdisc_ops *ops = qdisc->ops; |
1291 |
++ const struct Qdisc_ops *ops; |
1292 |
++ |
1293 |
++ if (!qdisc) |
1294 |
++ return; |
1295 |
++ ops = qdisc->ops; |
1296 |
+ |
1297 |
+ if (qdisc->flags & TCQ_F_BUILTIN || |
1298 |
+ !atomic_dec_and_test(&qdisc->refcnt)) |
1299 |
+diff --git a/net/sched/sch_hhf.c b/net/sched/sch_hhf.c |
1300 |
+index aff2a1b46f7f..dc68dccc6b0c 100644 |
1301 |
+--- a/net/sched/sch_hhf.c |
1302 |
++++ b/net/sched/sch_hhf.c |
1303 |
+@@ -552,7 +552,7 @@ static int hhf_change(struct Qdisc *sch, struct nlattr *opt) |
1304 |
+ new_hhf_non_hh_weight = nla_get_u32(tb[TCA_HHF_NON_HH_WEIGHT]); |
1305 |
+ |
1306 |
+ non_hh_quantum = (u64)new_quantum * new_hhf_non_hh_weight; |
1307 |
+- if (non_hh_quantum > INT_MAX) |
1308 |
++ if (non_hh_quantum == 0 || non_hh_quantum > INT_MAX) |
1309 |
+ return -EINVAL; |
1310 |
+ |
1311 |
+ sch_tree_lock(sch); |
1312 |
+diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c |
1313 |
+index 247d1888c386..07c54b212cd7 100644 |
1314 |
+--- a/net/sctp/protocol.c |
1315 |
++++ b/net/sctp/protocol.c |
1316 |
+@@ -1331,7 +1331,7 @@ static int __net_init sctp_ctrlsock_init(struct net *net) |
1317 |
+ return status; |
1318 |
+ } |
1319 |
+ |
1320 |
+-static void __net_init sctp_ctrlsock_exit(struct net *net) |
1321 |
++static void __net_exit sctp_ctrlsock_exit(struct net *net) |
1322 |
+ { |
1323 |
+ /* Free the control endpoint. */ |
1324 |
+ inet_ctl_sock_destroy(net->sctp.ctl_sock); |
1325 |
+diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c |
1326 |
+index e5cd14307aa5..7c220e905168 100644 |
1327 |
+--- a/net/sctp/sm_sideeffect.c |
1328 |
++++ b/net/sctp/sm_sideeffect.c |
1329 |
+@@ -505,7 +505,7 @@ static void sctp_do_8_2_transport_strike(sctp_cmd_seq_t *commands, |
1330 |
+ */ |
1331 |
+ if ((transport->state == SCTP_ACTIVE) && |
1332 |
+ (transport->error_count < transport->pathmaxrxt) && |
1333 |
+- (transport->error_count > asoc->pf_retrans)) { |
1334 |
++ (transport->error_count > transport->pf_retrans)) { |
1335 |
+ |
1336 |
+ sctp_assoc_control_transport(asoc, transport, |
1337 |
+ SCTP_TRANSPORT_PF, |
1338 |
+diff --git a/net/tipc/name_distr.c b/net/tipc/name_distr.c |
1339 |
+index c4c151bc000c..b57675f81ceb 100644 |
1340 |
+--- a/net/tipc/name_distr.c |
1341 |
++++ b/net/tipc/name_distr.c |
1342 |
+@@ -284,7 +284,8 @@ static void tipc_publ_purge(struct net *net, struct publication *publ, u32 addr) |
1343 |
+ publ->key); |
1344 |
+ } |
1345 |
+ |
1346 |
+- kfree_rcu(p, rcu); |
1347 |
++ if (p) |
1348 |
++ kfree_rcu(p, rcu); |
1349 |
+ } |
1350 |
+ |
1351 |
+ void tipc_publ_notify(struct net *net, struct list_head *nsub_list, u32 addr) |
1352 |
+diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c |
1353 |
+index 8882b729924d..976deea0569e 100644 |
1354 |
+--- a/security/keys/request_key_auth.c |
1355 |
++++ b/security/keys/request_key_auth.c |
1356 |
+@@ -71,6 +71,9 @@ static void request_key_auth_describe(const struct key *key, |
1357 |
+ { |
1358 |
+ struct request_key_auth *rka = key->payload.data[0]; |
1359 |
+ |
1360 |
++ if (!rka) |
1361 |
++ return; |
1362 |
++ |
1363 |
+ seq_puts(m, "key:"); |
1364 |
+ seq_puts(m, key->description); |
1365 |
+ if (key_is_positive(key)) |
1366 |
+@@ -88,6 +91,9 @@ static long request_key_auth_read(const struct key *key, |
1367 |
+ size_t datalen; |
1368 |
+ long ret; |
1369 |
+ |
1370 |
++ if (!rka) |
1371 |
++ return -EKEYREVOKED; |
1372 |
++ |
1373 |
+ datalen = rka->callout_len; |
1374 |
+ ret = datalen; |
1375 |
+ |
1376 |
+diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c |
1377 |
+index 532e7bf06868..58cf16188722 100644 |
1378 |
+--- a/tools/power/x86/turbostat/turbostat.c |
1379 |
++++ b/tools/power/x86/turbostat/turbostat.c |
1380 |
+@@ -3014,7 +3014,7 @@ int initialize_counters(int cpu_id) |
1381 |
+ |
1382 |
+ void allocate_output_buffer() |
1383 |
+ { |
1384 |
+- output_buffer = calloc(1, (1 + topo.num_cpus) * 1024); |
1385 |
++ output_buffer = calloc(1, (1 + topo.num_cpus) * 2048); |
1386 |
+ outp = output_buffer; |
1387 |
+ if (outp == NULL) |
1388 |
+ err(-1, "calloc output buffer"); |
1389 |
+diff --git a/virt/kvm/coalesced_mmio.c b/virt/kvm/coalesced_mmio.c |
1390 |
+index 571c1ce37d15..5c1efb869df2 100644 |
1391 |
+--- a/virt/kvm/coalesced_mmio.c |
1392 |
++++ b/virt/kvm/coalesced_mmio.c |
1393 |
+@@ -39,7 +39,7 @@ static int coalesced_mmio_in_range(struct kvm_coalesced_mmio_dev *dev, |
1394 |
+ return 1; |
1395 |
+ } |
1396 |
+ |
1397 |
+-static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev) |
1398 |
++static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev, u32 last) |
1399 |
+ { |
1400 |
+ struct kvm_coalesced_mmio_ring *ring; |
1401 |
+ unsigned avail; |
1402 |
+@@ -51,7 +51,7 @@ static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev) |
1403 |
+ * there is always one unused entry in the buffer |
1404 |
+ */ |
1405 |
+ ring = dev->kvm->coalesced_mmio_ring; |
1406 |
+- avail = (ring->first - ring->last - 1) % KVM_COALESCED_MMIO_MAX; |
1407 |
++ avail = (ring->first - last - 1) % KVM_COALESCED_MMIO_MAX; |
1408 |
+ if (avail == 0) { |
1409 |
+ /* full */ |
1410 |
+ return 0; |
1411 |
+@@ -66,24 +66,27 @@ static int coalesced_mmio_write(struct kvm_vcpu *vcpu, |
1412 |
+ { |
1413 |
+ struct kvm_coalesced_mmio_dev *dev = to_mmio(this); |
1414 |
+ struct kvm_coalesced_mmio_ring *ring = dev->kvm->coalesced_mmio_ring; |
1415 |
++ __u32 insert; |
1416 |
+ |
1417 |
+ if (!coalesced_mmio_in_range(dev, addr, len)) |
1418 |
+ return -EOPNOTSUPP; |
1419 |
+ |
1420 |
+ spin_lock(&dev->kvm->ring_lock); |
1421 |
+ |
1422 |
+- if (!coalesced_mmio_has_room(dev)) { |
1423 |
++ insert = READ_ONCE(ring->last); |
1424 |
++ if (!coalesced_mmio_has_room(dev, insert) || |
1425 |
++ insert >= KVM_COALESCED_MMIO_MAX) { |
1426 |
+ spin_unlock(&dev->kvm->ring_lock); |
1427 |
+ return -EOPNOTSUPP; |
1428 |
+ } |
1429 |
+ |
1430 |
+ /* copy data in first free entry of the ring */ |
1431 |
+ |
1432 |
+- ring->coalesced_mmio[ring->last].phys_addr = addr; |
1433 |
+- ring->coalesced_mmio[ring->last].len = len; |
1434 |
+- memcpy(ring->coalesced_mmio[ring->last].data, val, len); |
1435 |
++ ring->coalesced_mmio[insert].phys_addr = addr; |
1436 |
++ ring->coalesced_mmio[insert].len = len; |
1437 |
++ memcpy(ring->coalesced_mmio[insert].data, val, len); |
1438 |
+ smp_wmb(); |
1439 |
+- ring->last = (ring->last + 1) % KVM_COALESCED_MMIO_MAX; |
1440 |
++ ring->last = (insert + 1) % KVM_COALESCED_MMIO_MAX; |
1441 |
+ spin_unlock(&dev->kvm->ring_lock); |
1442 |
+ return 0; |
1443 |
+ } |